Ransomware Source in Finalsite Attack Identified as School Websites Functioning Again

School website provider Finalsite said Monday that its cyber-investigation of last week's ransomware attack has identified the threat actor and that the 3,000 school websites offline for most of last week are now back online and functioning.

Thousands of K–12 schools and universities whose websites are hosted by Finalsite were affected by the outage starting on Tuesday, Jan. 4, though the reason for the outage was not disclosed until Thursday afternoon. As of noon Monday, all the websites were back online and most functions working, the company said, with a few remaining functions such as the file manager and integrations still being restored.

Finalsite Director of Communications Morgan Delack said Monday that company officials “were not able to quickly share the details of the why” in an effort to protect the investigation, and she added that while clients were notified of the outage later that day, “we should have sent communication to all our clients the moment the websites went down universally.”

“We should have done better” in that regard, Delack said. “We have been listening to the needs of our clients and (doing everything possible to) help make it as easy to recover from this as possible.”

With help from cybersecurity forensic investigators from Charles River Associates, Finalsite “has determined who the threat actor is, we have contained their activity, and we know how they gained access and when they gained access,” Delack said today. The investigation includes assistance from data privacy attorneys at Mullen Coughlin LLC, she said.

“We have found absolutely no evidence that client data has been compromised or extracted,” Delack added. “The remainder of the investigation is to confirm these findings and ensure compliance” with cybersecurity laws and best practices.

Delack said Friday that the company had full access to its files and data throughout the incident and a forensic investigation was under way. “We have no evidence that our data or client data has been taken.” Finalsite also noted that its database information on client schools is limited to names and email addresses and said the company does not store payment information, academic records, Social Security numbers or other personal information.

“It's important to note that the malware is not what took our sites offline,” Delack emphasized again on Monday. “We did so proactively — and immediately — upon learning of the issue in order to protect our data. The reconnection of our websites is taking so long because we had to rebuild everything in a clean, safe environment again. At this time, we have no evidence that data was compromised, and we credit that to our early actions.”

Delack initially estimated that about 5,000 of its almost 8,000 global customers had been affected by the incident; on Monday, that total was revised down to 3,000 school websites impacted.

Finalsite, with offices in Connecticut and the U.K., provides website, marketing, and communications platforms for schools and universities in 108 countries. It is a portfolio company of Veritas Capital.

Read more about the timeline of the outage and the company’s reaction in our initial report on the ransomware attack.

In a webinar for clients held late Thursday, Finalsite officers emphasized that they take security “extremely seriously and are frequently updating protocols” based upon any best practices and new information.

“The Finalsite security team has strict security measures in place to protect the information in our care, and have worked to add further technical safeguards to our environment,” the transcript reads. “We’ve invested $2.5 million into hosting security and our team monitors our network systems 24 hours a day, seven days a week. As we learn more about this incident, we are taking additional steps to further secure the environment and prevent this type of attack from occurring again.”

Cybersecurity and education officials have recently warned of a significant increase in cyberattacks on schools and universities, and the K–12 Cybersecurity Act of 2021, signed into law in October, directs the Cybersecurity and Infrastructure Security Agency to identify risks and provide resources for schools to better protect their IT security.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group.

